LinuxQuestions.org
Old 05-14-2006, 10:25 AM   #1
muddywaters
Member
 
Registered: May 2005
Location: Winnipeg, Canada
Distribution: mostly mepis
Posts: 427

Rep: Reputation: 30
nmap shows open kdm


I have 2 machines connected through a D-Link router. After setting up NFS I decided to run nmap from the client to check the ports on the NFS server (Mepis). Everything was as expected except for
1024/tcp open kdm
Is this open to allow remote x login? If so I don't need it.

Reading previous posts on this hinted that the /etc/kde3/kdm/Xservers file can be edited. Mine looks like this

:0 local@tty1 /usr/X11R6/bin/X -dpi 100 -nolisten tcp
:1 local@tty2 reserve /usr/X11R6/bin/X -dpi 100 -nolisten tcp :1
#:2 local@tty3 reserve /usr/X11R6/bin/X -nolisten tcp :2
#:3 local@tty4 reserve /usr/X11R6/bin/X -nolisten tcp :3
#:4 local@tty5 reserve /usr/X11R6/bin/X -nolisten tcp :4

It looks like the nolisten option is already there. Is there anything else that should be changed? Should I be concerned? Feel free to call me paranoid.
 
Old 05-14-2006, 02:50 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Run netstat -pantu on the server that you scanned and post the output. Port 1024 is often one of the first ports that is dynamically assigned so it could be any application. The -nolisten tcp settings should keep the Xserver from setting up a socket. Also what was the exact command that you used with nmap to scan the box?
 
Old 05-14-2006, 09:04 PM   #3
muddywaters
Member
 
Registered: May 2005
Location: Winnipeg, Canada
Distribution: mostly mepis
Posts: 427

Original Poster
Rep: Reputation: 30
Capt_Caveman

Thanks for the response. Maybe I should point out this computer has nothing of value other than the connection itself. Just trying to learn a few things.
The output of the netstat;

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN 3956/inetd
tcp 0 0 0.0.0.0:68 0.0.0.0:* LISTEN 3232/pump
tcp 0 0 0.0.0.0:905 0.0.0.0:* LISTEN 4115/rpc.statd
tcp 0 0 0.0.0.0:20012 0.0.0.0:* LISTEN 3956/inetd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 3909/spamd.pid
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3270/portmap
tcp 0 0 0.0.0.0:33333 0.0.0.0:* LISTEN 4035/rpc.mountd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 3947/cupsd
tcp 0 0 127.0.0.1:895 0.0.0.0:* LISTEN 4111/famd
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:1026 0.0.0.0:* -
udp 0 0 0.0.0.0:899 0.0.0.0:* 4115/rpc.statd
udp 0 0 0.0.0.0:902 0.0.0.0:* 4115/rpc.statd
udp 0 0 0.0.0.0:33333 0.0.0.0:* 4035/rpc.mountd
udp 0 0 0.0.0.0:111 0.0.0.0:* 3270/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3947/cupsd

The command I was running from the client;
nmap -P0 192.168.0.101

2049 is nfs afaik. Still don't know what 1024 is. Also tried 'lsof -i :1024'. Possibly doesn't matter with the router firewall running(?)

edit/sorry for sloppy paste job.

Last edited by muddywaters; 05-14-2006 at 09:12 PM.
 
Old 05-14-2006, 10:08 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Try stopping the NFS and Portmapper services then re-run the netstat command and see if it still shows up.

If you aren't using NFS and RPC then I'd recommend turning those services off permanently.
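
Added example, not part of the thread or written by either poster: a "-" in netstat's PID/Program column (ports 1024 and 2049 above) means no userspace process was reported for the socket, which is what kernel-side RPC services look like, so the portmapper's registrations are the place to look. The sketch below cross-references the two; the rpcinfo -p output is constructed, and the service names it gives for each port are hypothetical, not something the thread established.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data is constructed.

# Rows copied in shape from the thread's netstat output (subset).
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3270/portmap
tcp 0 0 127.0.0.1:895 0.0.0.0:* LISTEN 4111/famd
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:1026 0.0.0.0:* -'

# Hypothetical `rpcinfo -p` output; the thread never posts one.
RPCINFO_SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   tcp   1024  nlockmgr'

# stdin: netstat -pantu text. stdout: "proto port" for every socket bound to
# 0.0.0.0 whose PID/Program column is "-".
unowned_wildcard_ports() {
    awk '($1 == "tcp" || $1 == "udp") && $NF == "-" && $4 ~ /^0\.0\.0\.0:/ {
        split($4, a, ":"); print $1, a[2]
    }'
}

# stdin: rpcinfo -p text. $1 = proto, $2 = port. stdout: RPC service name, if any.
rpc_name_for() {
    awk -v proto="$1" -v port="$2" '$3 == proto && $4 == port { print $5; exit }'
}

# $1 = netstat text, $2 = rpcinfo text. One line per unowned socket.
explain_unowned() {
    printf '%s\n' "$1" | unowned_wildcard_ports | while read -r proto port; do
        name=$(printf '%s\n' "$2" | rpc_name_for "$proto" "$port")
        printf '%s/%s %s\n' "$proto" "$port" "${name:-not-registered}"
    done
}

explain_unowned "$NETSTAT_SAMPLE" "$RPCINFO_SAMPLE"
```

On a live host, call it as root with explain_unowned "$(netstat -pantu)" "$(rpcinfo -p)"; without root, netstat also prints "-" for sockets that belong to other users' processes, which hides the distinction this check relies on.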
 
  

